Assignment Group-A_1
Problem Definition:
Implementation of a packet sniffer. The program should identify the header of each protocol.
Use multi-core programming.
1.1 Prerequisite:
1. Socket Programming.
2. Header Formats.
3. TCP/IP and OSI.
1.2 Learning Objectives:
Understand the working of a packet sniffing tool.
Implement a tool for analyzing traffic.
1.3 New Concepts:
a. Packet Analyzer
b. Python networking related functions
1.4 Theory
1.4.1 Introduction
Have you ever thought about how your computer talks with others on a network? Would you
like to listen to, or “sniff”, the conversation? Network engineers, system administrators, security
professionals and, unfortunately, crackers have long used a tool that allows them to do exactly
that. This nifty utility, known as a sniffer, can be found in the arsenal of every network guru,
where it’s likely used every day for a variety of tasks. This article offers a brief overview of
sniffers, including what they do, how they work, why users need to be aware of them, and what
users can do to protect themselves against the illegitimate use of sniffers.
1.4.2 What is a Sniffer?
A packet sniffer can be a computer program or a piece of computer hardware that can
intercept and log traffic passing over a digital network or part of a network.
A sniffer is a program that targets packets of data transmitted over the Internet. Packet
sniffing may sound like the latest street drug craze, but it's far from it. Packet sniffers or protocol
analyzers are tools that are commonly used by network technicians to diagnose network-related
problems.
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or for
particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a
piece of computer hardware that can intercept and log traffic passing over a digital network or
part of a network. Packet capture is the process of intercepting and logging traffic.
Figure 1: Packet sniffer
1.4.3 How Does a Sniffer Work?
Packet sniffers work by intercepting and logging network traffic that they can 'see' via the
wired or wireless network interface that the packet sniffing software has access to on its host
computer.
On a wired network, what can be captured depends on the structure of the network. A
packet sniffer might be able to see traffic on an entire network or only a certain segment of it,
depending on how the network switches are configured, placed, etc. On wireless networks,
packet sniffers can usually only capture one channel at a time unless the host computer has
multiple wireless interfaces that allow for multichannel capture.
Once the raw packet data is captured, the packet sniffing software must analyze it and
present it in human-readable form so that the person using the packet sniffing software can make
sense of it. The person analyzing the data can view details of the 'conversation' happening
between two or more nodes on the network. Network technicians can use this information to
determine where a fault lies, such as determining which device failed to respond to a network
request.
Figure 2 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this
case, Internet protocols) and applications (such as a web browser or ftp client) that normally run
on your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an
addition to the usual software in your computer, and consists of two parts. The packet capture
library receives a copy of every link-layer frame that is sent from or received by your computer.
Messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all
are eventually encapsulated in link-layer frames that are transmitted over physical media such as
an Ethernet cable. In Figure 1, the assumed physical media is an Ethernet, and so all upper layer
protocols are eventually encapsulated within an Ethernet frame. Capturing all link-layer frames
thus gives you all messages sent/received from/by all protocols and applications executing in
your computer.
Figure 2: Packet sniffer structure
1.5 Header Formats:
IP Header Format:
TCP Header Format:
1.6 Need for a Sniffer:
On a normal LAN there are thousands of packets exchanged by multiple machines every
minute, ample supply for any attacker. Anything transmitted in plaintext over the network will
be vulnerable: passwords, web pages, database queries and messaging, to name a few.
A sniffer can easily be customized to capture specific traffic like telnet sessions or e-mail. Once
traffic has been captured, crackers can quickly extract the information they need: logins,
passwords and the text of messages. And the users will likely never know they were
compromised, since sniffers cause no damage or disturbance to a network environment.
1.7 Sniffer Tool Examples:
1. Wireshark: Wireshark is a network packet analyzer. A network packet analyzer tries to capture
network packets and to display the packet data in as much detail as possible.
You could think of a network packet analyzer as a measuring device used to examine what’s
going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s
going on inside an electric cable (but at a higher level, of course). In the past, such tools were
either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has
changed. Wireshark is perhaps one of the best open source packet analyzers available today.
2. tcpdump:
tcpdump is a common packet analyzer that runs under the command line. It allows the user to
intercept and display TCP/IP and other packets being transmitted or received over a network to
which the computer is attached. Distributed under the BSD license, tcpdump is free software.
tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, OS X, HP-UX and
AIX among others. On those systems, tcpdump uses the libpcap library to capture packets. The
port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows port of
libpcap.
Uses of tcpdump:
tcpdump prints the contents of network packets. It can read packets from a network interface
card or from a previously created saved packet file. tcpdump can write packets to standard
output or to a file. It is also possible to use tcpdump for the specific purpose of intercepting and
displaying the communications of another user or computer. A user with the necessary privileges
on a system acting as a router or gateway through which unencrypted traffic such as Telnet or
HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites
being viewed, or any other unencrypted information. The user may optionally apply a BPF-based
filter to limit the number of packets seen by tcpdump; this renders the output more usable on
networks with a high volume of traffic.
1.8 Multicore Programming:
A multi-core processor is a single computing component with two or more independent
actual central processing units (called "cores"), which are the units that read and execute program
instructions.[1] The instructions are ordinary CPU instructions such as add, move data, and
branch, but the multiple cores can run multiple instructions at the same time, increasing overall
speed for programs amenable to parallel computing.
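The following is an added example, not part of the assignment sheet, showing one way to implement what the problem definition asks for: it decodes the Ethernet, IPv4, TCP, UDP and ICMP headers of Section 1.5 with the standard `struct` module, and distributes a batch of captured frames across a `multiprocessing` pool so that decoding runs on several cores as Section 1.8 describes. The three frames are constructed inline (checksums are left at zero, so they are decoded but not validated), and all function and field names are my own. `open_capture_socket` shows the Linux AF_PACKET raw socket used for live capture; it needs root or CAP_NET_RAW and is not called in the demo.

```python
"""Header-identifying packet parser with a multi-process worker pool (added example)."""
import socket
import struct
from multiprocessing import Pool

ETHERTYPE_IPV4 = 0x0800
IPPROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bit 0 .. bit 5 of the flags byte


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame):
    """Ethernet II header: 6-byte dst MAC, 6-byte src MAC, 2-byte EtherType."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": _mac(dst), "src_mac": _mac(src), "ethertype": ethertype}, frame[14:]


def parse_ipv4(data):
    """IPv4 fixed header (20 bytes); the IHL nibble gives the real length incl. options."""
    (ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto,
     _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    hdr = {"version": ver_ihl >> 4, "ihl": ihl, "total_length": total_len, "id": ident,
           "ttl": ttl, "protocol": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}
    return hdr, data[ihl:]


def parse_tcp(data):
    """TCP header: ports, seq/ack, data offset (in 32-bit words) and the flag bits."""
    (sport, dport, seq, ack, off_res, flags, window,
     _checksum, _urg) = struct.unpack("!HHLLBBHHH", data[:20])
    offset = (off_res >> 4) * 4
    set_flags = [name for i, name in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)]
    hdr = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
           "header_len": offset, "flags": set_flags, "window": window}
    return hdr, data[offset:]


def parse_udp(data):
    sport, dport, length, _checksum = struct.unpack("!HHHH", data[:8])
    return {"src_port": sport, "dst_port": dport, "length": length}, data[8:]


def parse_icmp(data):
    icmp_type, code, _checksum = struct.unpack("!BBH", data[:4])
    return {"type": icmp_type, "code": code}, data[4:]


TRANSPORT_PARSERS = {1: parse_icmp, 6: parse_tcp, 17: parse_udp}


def parse_frame(frame):
    """Walk one link-layer frame and return the header of every protocol identified."""
    result = {}
    result["ethernet"], rest = parse_ethernet(frame)
    if result["ethernet"]["ethertype"] != ETHERTYPE_IPV4:
        result["payload_len"] = len(rest)  # ARP, IPv6 etc. are left undecoded here
        return result
    result["ipv4"], rest = parse_ipv4(rest)
    parser = TRANSPORT_PARSERS.get(result["ipv4"]["protocol"])
    if parser is None:
        result["payload_len"] = len(rest)
        return result
    name = IPPROTO_NAMES[result["ipv4"]["protocol"]]
    result["transport"] = name
    result[name.lower()], rest = parser(rest)
    result["payload_len"] = len(rest)
    return result


def parse_frames_parallel(frames, workers=2):
    """Decode a batch of frames across several processes, one per core; order is preserved."""
    with Pool(processes=workers) as pool:
        return pool.map(parse_frame, frames, chunksize=max(1, len(frames) // workers))


def open_capture_socket(iface=None):
    """Linux raw packet socket that receives every frame (ETH_P_ALL); needs CAP_NET_RAW."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))
    if iface:
        sock.bind((iface, 0))
    return sock


def build_sample_frames():
    """Constructed frames, not captured traffic: a TCP SYN, a UDP DNS query and an ICMP echo."""
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)

    def ipv4(proto, payload):  # version 4, IHL 5, DF set, TTL 64, checksum 0 (not computed)
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000, 64, proto, 0,
                           socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20")) + payload

    tcp_syn = struct.pack("!HHLLBBHHH", 40000, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    udp_dns = struct.pack("!HHHH", 40001, 53, 8 + 12, 0) + b"\x00" * 12
    icmp_echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping"
    return [eth + ipv4(6, tcp_syn), eth + ipv4(17, udp_dns), eth + ipv4(1, icmp_echo)]


if __name__ == "__main__":
    # Live use: sock = open_capture_socket("eth0"); frames = [sock.recv(65535) for _ in range(100)]
    for pkt in parse_frames_parallel(build_sample_frames()):
        print(pkt.get("transport", "non-IP"), pkt)
```

Each parser returns the decoded header together with the bytes that follow it, so the next layer is found by slicing rather than by fixed offsets; this is what makes IPv4 options and TCP options (IHL and data offset) decode correctly. Capture itself stays in a single process because the kernel hands frames to one socket, while the CPU-bound decoding is what the pool spreads over the cores.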
1.9 Assignment Questions:
1. What is Packet Sniffing?
2. Draw Header Formats of different Protocols like IP, ICMP, TCP, UDP?
3. What is socket Programming? Syntax to create Socket in Python.
4. Why to use Packet Sniffing Tools?
Conclusion:
Hence we conclude that when we run this program, different packets are analyzed by
extracting the header fields of each captured packet.